lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX A non admin user can not download files attached to user.

Browse Source
This commit is contained in:
Laurent Destailleur 2017-04-27 02:03:59 +02:00
parent 95788c9699
commit d390acc888
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/files.lib.php
View File

@ -1557,7 +1557,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
else if ($modulepart == 'user' && !empty($conf->user->dir_output))
{
$canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire);
if ($user->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card
if ($fuser->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card
if ($canreaduser || preg_match('/^specimen/i',$original_file))
{
$accessallowed=1;